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REMARKS 

By this amendment, claims 1-24 are pending, in which claims 1-3, 7-11, 14-17, and 19-21 
are currently amended, and claims 22-24 are newly added. No new matter is introduced. 

The Office Action mailed February 6, 2006 rejected claims 1-21 under 35 U.S.C. § 102 as 
anticipated by Seid et al (US 5,768,271). Also, claims 1-21 were rejected under 35 U.S.C. § 103 
as obvious over Applicant Admitted Prior Art (hereinafter "APAA") and in view of Seid et al 

In the interest of expediting prosecution. Applicants have amended independent claims 1, 
9, 16, and 21. Amended independent claim 1 recites "wherein said one or more egress routers 
transmit intra- VPN traffic to a destination host belonging to the VPN from sources within 
the VPN within a first access network logical connection for intra- VPN traffic and all extra- 
VPN traffic to the destination host from sources outside the VPN within a second access 
network logical connection for extra- VPN traffic, separate from the first access network logical 
connection." Claim 9 now recites "an access network having an access link to a destination 
host belonging to a virtual private network (VPN)... wherein said one or more egress routers 
transmit intra- VPN traffic to the destination host via the first logical connection and all 
extra- VPN traffic to the destination host via the second logical connection." Claim 16, as 
amended, recites "communicating, from a plurality of ingress routers to one or more egress 
routers, intra- VPN and extra- VPN traffic destined for a destination host belonging to the VPN . . . 
transmitting intra- VPN traffic from said one or more egress routers to the destination host via the 
first logical connection, and transmitting all extra- VPN traffic from said one or more egress 
routers to the destination host via the second logical connection," Independent claim 21 now 
recites "granting, to traffic having the first priority level at the access link, precedence of access 
to a destination host belonging to the VPN over traffic having the second priority level; and 
transmitting the intra- VPN traffic from one or more egress routers to the destination host 
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via a first logical connection, and transmitting all extra- VPN traffic from said one or more 
egress routers to the destination host via a second logical connection." 

The above features further clarify that separate logical connections exist for intra- VPN 
traffic and extra- VPN traffic in that such traffic can be transmitted to the destination host 
belonging to the VPN. The claimed features, as amended, are fully supported in the 
Specification, for example, paragraph [37]. 

The Seid et al. system is concerned with congestion control and management on a per 
VPN basis, whereby congestion outside of a VPN's logical domain does not affect the 
performance of the VPN (see Abstract). This is no disclosure of segregating traffic in a way that 
permits separate logical paths to be used to reach the same destination host. That is, the Seid et 
al. system only segregates traffic among VPNs (inter- VPN traffic), and thus, does not disclose 
routing traffic to the same destination host using different logical paths. 

Specifically, Seid et al. utilizes an identification scheme to identify traffic from particular 
VPNs. Specifically, Seid et al, discloses (col. 7: 1-15) that several VPs can be multiplexed on a 
PP and several VCs can be multiplexed on a VP. Each VC within a VP must be uniquely 
identified at the VP-sap and, similarly, each VP within a transmission path must be uniquely 
identified. Each node within the FR network uses the VC and VP identification information for 
properly switching and routing VPs and VCs. 

Seid et al further discloses (col. 8: 13-20) that a FR node can play the three roles of: (1) 
FR connection switch; (2) VP cross-connect whereby a VP is switched as a global entity (i.e., the 
VCs bundled in the VP are not visible); and (3) VC-switch whereby an ingress VP is terminated 
with its multiplexed VCs unbundled. These VCs are then either terminated or switched to egress 
VPs. FIG. 7 illustrates a situation encompassing the three roles of the node. 
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The Office Action, on page 3, contends that "routers distinguish extra- VPN traffic as 

possessing an evpi (egress Virtual Path identifier) value of "dvpi" and refers to col. 8: 30-40. 

Applicants respectfully disagree in that an egress path does not equate to the claimed extra- VPN 

traffic. The cited passage merely refers to the Ingress Port Connection Table, without any 

mention of the characteristics of the traffic. Rather, the Connection Table shows a mapping of 

ingress ordered pairs to egress ordered pairs. 

In further support of the rejection, the Office Action (on page 3) also refers to passages 

col. 8: 51-57, and col. 9: 19-22: 

Finally, as a standard FR connection switch, the node switches a connection 
identified by ingress dlci 25 on ingress port p to egress dlci 39 on egress port 5. In 
this case, the evpi value is denoted by the special value dvpi, associated with all 
standard FR connections. The purpose of this dvpi designation will be explained 
in greater detail hereinafter, (col. 8: 51-57) 

A frame with the dlci 25 is received on ivpi p. The fields edlci, evpi and eport, 
corresponding to the entry 25 in the connection table, indicate that the frame must 
be forwarded on evpi dvpi of eport 5 with edlci 39. (col. 9: 19-22) 

From the above passages, Applicants submit that one of ordinary skill in the art would not 
reasonably interpret a discussion of ingress and egress ordered pairs to convey information about 
the source of the traffic. For example, Seid et al describes (col. 12: 20-24) that an ingress VP 
identity for the incoming frame is given by the field ivpi in the connection table. The VP concept 
allows the isolation of traffic of one user (or VPN) from the traffic of another user (or VPN). 

In light of the above discussion, it is apparent that Seid et a/., which only distinguishes 
VPNs to isolate traffic from one VPN to another VPN to control congestion, does not disclose 
"wherein said one or more egress routers transmit intra- VPN traffic to a destination host 
belonging to tlie VPN from sources within the VPN within a first access network logical 
connection for intra- VPN traffic and all extra- VPN traffic to the destination host from sources 
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outside the VPN within a second access network logical connection for extra- VPN traffic, 
separate from the first access network logical connection." 

As anticipation requires that all features be taught in a single reference. Applicant submits 
that the rejection of amended independent claims 1, 9, 16, and 21 should be withdrawn. 

The rejection of dependent claims 2-8, 10-15, and 17-20 should be withdrawn for at least 
the same reasons as their respective independent claims, and these claims are separately 
patentable on their own merits. For example, dependent claim 2 recites "wherein the at least one 
of the plurality of ingress routers or the at least one of the one or more egress routers logically 
partitions intra- VPN traffic and extra- VPN traffic usin'g a differentiated services protocol to mark 
correspondingly the intra- VPN traffic and the extra- VPN traffic." The traffic transmitted across 
the frame relay network of Seid et al is differentiated by providing each frame relay packet 
with a unique address field to identify the VCs and VPs associated with the VPN over which the 
packet of information will travel, and not by marking the packets according to a differentiated 
services protocol (which is a specific protocol that is not mentioned in Seid et al). 

With respect to the obyiousness rejection over APAA and in view of Seid et al The 

Office Action, on page 9, acknowledges that APAA does not disclose "wherein intra- VPN and 

extra- VPN are separated into a first and second logical connection, nor that the logical 

connections are partitioned such that denial of service attacks on said access link originating 

from sources outside the VPN are prevented." However, Applicants note that the claims, as 

amended, clearly distinguish over Seid et al Therefore, the obviousness rejection is 

unsustainable, as the proposed combination fails to disclose "wherein said one or more egress 

routers transmit intra- VPN traffic to a destination host belonging to the VPN from sources 

within the VPN within a first access network logical connection for intra- VPN traffic and all 

extra- VPN traffic to the destination host from sources outside the VPN within a second access 
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network logical connection for extra- VPN traffic, separate from the first access network logical 
connection." 

Turning now to newly added claims 22-24, independent claim 22 recites "determining 
whether the packet is originated within the virtual private network or external to the virtual 
private network; and forwarding the packet to the host over a first logical path or a second logical 
path based on the determination, wherein the first logical path is designated for traffic originating 
within the virtual private network and the second logical path is designated for traffic originating 
externally to the virtual private network." Neither the APAA nor the Seid et al reference 
discloses these features. Dependent claim 23 recites "wherein the steps of receiving, determining 
and forwarding are performed at a customer premises router configured to process Internet 
Protocol (IP) packets." Dependent claim 24 recites "wherein the packet is an Internet Protocol 
(IP) packet, and the steps of receiving, determining and forwarding are performed at a customer 
premises router configured to process the IP packet." Claims 23 and 24 are allowable at least for 
their dependency on claim 22. 
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Therefore, the present application, as amended, overcomes the rejections of record and is 
in condition for allowance. Favorable consideration is respectfully requested. If any unresolved 
issues remain, it is respectfully requested that the Examiner telephone the undersigned attorney at 
(703) 425-8508 so that such issues may be resolved as expeditiously as possible. 



10507 Braddock Road 
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Fairfax, VA 22032 
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Respectfully Submitted, 



DITTHAVONG & MORI, P.C. 





Attorney/Agent for Applicant(s ) 
Reg. No. 44658 



14 



